Vulnerability

Memory Corruption in QSEECOM Driver (CVE-2014-4322)

Publish date: October 09, 2015

CVE-2014-4322

SEVERITY

HIGH

//  ADVISORY DATE

02 OCT 2015


DESCRIPTION

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

TREND MICRO PROTECTION INFORMATION


SOLUTION

AFFECTED SOFTWARE AND VERSION

  • All Android releases from CAF using the Linux kernel.

Featured Stories

Connect with us on